On Sat, 2011-06-11 at 15:47 +0200, Dominick Grift wrote:
On Sat, 2011-06-11 at 14:40 +0100, Arthur Dent wrote:
> The other slightly odd thing is that when I place the system back into
> Enforcing mode I get no AVCs, but some of the Spamassassin checks
> (Especially iXhash I think) don't seem to be run, but give no errors.
Try to reproduce it after you ran : semodule -DB
semodule -DB loads the policy with any rules to silently deny access
removed.
Then see for AVC denials again.
After checking do : semodule -B to load the policy with the rules to
silently deny access re-inserted
OK I'll try that..
> Anyway, the above AVC looked strange and I didn't want to create a local
> policy module for it until I had checked with the chaps here...
This does not look particularly strange. The pipe is probably created by
systemd.
So, should I create a policy module to allow it?
I guess the "ask-password" bit of "SELinux is preventing
/bin/systemd-tty-ask-password-agent from read access on the fifo_file 136:0."
worried me a bit...